Yes, I think we should keep CAN-2001-0145 to become the CVE number, and have CAN-2000-0756 and CAN(CVE)-2001-0145 doubly linked with an explicit notice "These are the same vulnerabilities."
I think that this is an acceptable price to pay for a reduced lag time, if it happens only a few times per year.
Cheers,
Pascal
At 11:36 PM -0500 2/27/01, Steven M. Christey wrote:
...
>The guidelines suggest that CAN-2001-0145 would be promoted instead of
>CAN-2000-0756. So, is that reasonable?
>
>- Steve